| 一种新的注册表隐藏Rootkit检测方案 |
| |
| 引用本文: | 张登银,高德华,李鹏.一种新的注册表隐藏Rootkit检测方案[J].江苏大学学报(自然科学版),2010,31(3). |
| |
| 作者姓名: | 张登银 高德华 李鹏 |
| |
| 作者单位: | 南京邮电大学,计算机学院,江苏,南京,210003 |
| |
| 基金项目: | 国家“863”计划项目(2007AA701302,2008AA701202) |
| |
| 摘 要: | 为了检测通过篡改注册表文件而实现潜行于操作系统的Rootkit,分析了常见的Rootkit注册表隐藏技术以及相应的检测技术,并指出了当前检测技术存在的缺陷.在分析注册表文件的格式以及注册表操作控制流程的基础上,设计并实现了一种新型的注册表隐藏Rootkit检测方案.通过模拟win32系统底层枚举注册表键值的流程,获取真实有效的注册表键值,从而检测出隐藏的Root-kit.同时,在遍历注册表键值时使用了二叉搜索树算法以提高检测效率.试验表明该方法能准确并快速地检测出使用了注册表隐藏技术的Rootkit.
|
| 关 键 词: | 病毒 入侵检测 Rootkit 注册表 键索引 WinDbg |
A new detection scheme for registry hidden Rootkit |
| |
| Zhang Dengyin,Gao Dehua,Li Peng.A new detection scheme for registry hidden Rootkit[J].Journal of Jiangsu University:Natural Science Edition,2010,31(3). |
| |
| Authors: | Zhang Dengyin Gao Dehua Li Peng |
| |
| Institution: | College of Computer/a>;Nanjing University of Posts and Telecommunications/a>;Nanjing/a>;Jiangsu 210003/a>;China |
| |
| Abstract: | In order to detect the Rootkits which hid in a system by tampering registry file,the common hidden technology of Rootkits and corresponding detection methods were analyzed,and the weaknesses of these detection methods were pointed out.Based on the analysis of format of registry files and the flow control for a typical registry operation,a new Rootkit detection method was designed and realized.The process of enumerating the registry keys in win32 system kernel was simulated,and valid keys of registry were ob... |
| |
| Keywords: | viruses intrusion detection Rootkit registry key index WinDbg |
| 本文献已被 CNKI 万方数据 等数据库收录! |
